Bug #37709 valgrind reports invalid reads in PDO::errorCode()
Submitted: 2006-06-06 09:07 UTC Modified: 2006-08-01 15:13 UTC
From: tony2001 at phpclub dot net Assigned: iliaa
Status: Closed Package: PDO related
PHP Version: 5CVS-2006-06-06 (CVS) OS: Linux
Private report: No CVE-ID:
 [2006-06-06 09:07 UTC] tony2001 at phpclub dot net
Description:
------------
==22003== Invalid read of size 1
==22003==    at 0x4906752: strlen (mac_replace_strmem.c:243)
==22003==    by 0x4F776E: zim_PDO_errorCode (pdo_dbh.c:955)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)
==22003==  Address 0x730A474 is 148 bytes inside a block of size 344 free'd
==22003==    at 0x49055DD: free (vg_replace_malloc.c:235)
==22003==    by 0x697867: zend_objects_store_del_ref_by_handle (zend_objects_API.c:196)
==22003==    by 0x69787D: zend_objects_store_del_ref (zend_objects_API.c:158)
==22003==    by 0x4F7B4F: zim_PDO_query (zend_variables.h:35)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)

==22003== Invalid read of size 1
==22003==    at 0x4906AF7: memcpy (mac_replace_strmem.c:394)
==22003==    by 0x65D557: zend_strndup (zend_alloc.c:439)
==22003==    by 0x4F7710: zim_PDO_errorCode (pdo_dbh.c:958)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)
==22003==  Address 0x730A478 is 152 bytes inside a block of size 344 free'd
==22003==    at 0x49055DD: free (vg_replace_malloc.c:235)
==22003==    by 0x697867: zend_objects_store_del_ref_by_handle (zend_objects_API.c:196)
==22003==    by 0x69787D: zend_objects_store_del_ref (zend_objects_API.c:158)
==22003==    by 0x4F7B4F: zim_PDO_query (zend_variables.h:35)
==22003==    by 0x69B845: zend_do_fcall_common_helper_SPEC (zend_vm_execute.h:200)
==22003==    by 0x69B072: execute (zend_vm_execute.h:92)
==22003==    by 0x67A634: zend_execute_scripts (zend.c:1100)
==22003==    by 0x632AC0: php_execute_script (main.c:1747)
==22003==    by 0x70130D: main (php_cli.c:1089)

Note that PDO::query() *destroys* the statement object as well as the statement handle when the query fails. So PDO::errorCode() operates on an already destroyed statement handle.


Reproduce code:
---------------
See ext/pdo/tests/bug_34687.phpt.
I've reproduced it with sqlite2::memory, but that shouldn't matter.

Expected result:
----------------
No invalid reads?
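
The failure mode described in this report, as an added C example that is not PHP or PDO source and not part of the original thread: a simplified model in which a connection handle keeps a pointer to the statement it reports errors from. The type and function names (`dbh_t`, `stmt_t`, `dbh_query_failed`, `dbh_error_code`) are hypothetical, and the `detach` branch shows one generic way to avoid the dangling read; it is not the change committed to CVS.

```c
/* Added example: simplified model, not PDO source. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct stmt { char error_code[6]; } stmt_t;

typedef struct dbh {
    char    error_code[6];   /* SQLSTATE owned by the connection handle */
    stmt_t *query_stmt;      /* statement whose error should be reported */
} dbh_t;

/* Reader: prefers the statement's SQLSTATE when one is attached. */
static const char *dbh_error_code(const dbh_t *dbh)
{
    return dbh->query_stmt ? dbh->query_stmt->error_code : dbh->error_code;
}

/* Failure path of a query. With detach == 0 the handle keeps pointing at the
 * freed statement, so the next dbh_error_code() call reads freed memory (the
 * kind of read valgrind flags in the report). With detach != 0 the SQLSTATE is
 * copied into the connection handle and the pointer cleared before the free. */
static void dbh_query_failed(dbh_t *dbh, const char *sqlstate, int detach)
{
    stmt_t *stmt = calloc(1, sizeof *stmt);
    if (!stmt) return;
    snprintf(stmt->error_code, sizeof stmt->error_code, "%s", sqlstate);
    dbh->query_stmt = stmt;
    if (detach) {
        memcpy(dbh->error_code, stmt->error_code, sizeof dbh->error_code);
        dbh->query_stmt = NULL;
    }
    free(stmt);
}

/* Returns 1 when the safe path reports the expected SQLSTATE. */
static int demo_safe_path(void)
{
    dbh_t dbh = { "00000", NULL };   /* constructed sample state */
    dbh_query_failed(&dbh, "HY000", 1);
    return dbh.query_stmt == NULL && strcmp(dbh_error_code(&dbh), "HY000") == 0;
}

int main(void)
{
    printf("safe path ok: %d\n", demo_safe_path());
    return 0;
}
```

Building the `detach == 0` variant under valgrind or AddressSanitizer and then calling `dbh_error_code()` produces an invalid read inside a freed block, which is the class of finding shown in the trace above.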


 [2006-06-07 03:33 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2006-06-26 18:49 UTC] tony2001@php.net
Ilia, unfortunately your patch didn't help and I can still see the same invalid reads. Apparently it's reproducible only using --disable-zend-memory-manager.
 [2006-08-01 15:13 UTC] iliaa@php.net
I cannot reproduce this problem and the disable-zend-memory-manager option is no longer available :/
 
Last updated: Thu Apr 17 03:01:55 2014 UTC